Skip to content

GDB memory reads fail on Cortex-M33

Host environment

  • Operating system: Fedora 36
  • OS/kernel version: Linux dreiss-fedora-PC0MZ7A2 6.0.11-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Dec 2 20:38:11 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  • Architecture: x86_64 host, Arm cortex-m33 emulated
  • QEMU flavor: qemu-system-arm
  • QEMU version: QEMU emulator version 7.2.50 (v7.2.0-334-gca5181d8d7-dirty) (This is based on upstream git revision 222059a0 with some irrelevant local changes).
  • QEMU command line: --> 
    ~/work/qemu/build/qemu-system-arm -machine mps2-an505 -nographic -kernel build/kernel.elf -s -S -d int

Emulated/Virtualized environment

  • Operating system: Bare metal
  • OS/kernel version: None
  • Architecture: Arm Cortex M-33

Description of problem

GDB fails to read memory from the guest. There appear to be at least two problems:

  1. In arm_cpu_get_phys_page_attrs_debug, arm_is_secure(env) returns false, because the implementation doesn't seem to know about Armv7-M or Armv8-M secure states. However, arm_mmu_idx(env) does know how to check env->v7m.secure, so it returns ARMMMUIdx_MSPriv (the S stands for secure). The mismatch between an apparently non-secure access to a secure MMU seems to cause the read to fail laster.
  2. With the MPU enabled (not the case in this repro, but I can provide one), cpu_memory_rw_debug computes page = addr & TARGET_PAGE_MASK, and uses the page to compute permissions. However, TARGET_PAGE_MASK is based on 4K pages on this platform, but the MPU granularity is 32 bytes. So the wrong page is used for checking.

Steps to reproduce

# Sorry for the large clone.  It's mostly unused files in CMSIS.
git clone --recursive -b qemu-repro-1 https://github.com/dreiss/mpu_experiments
cd mpu_experiments
git checkout origin/qemu-repro-1
cmake -S . -B build -DBOARD=qemu-mps2-an505 -DAPP=mpu_stacktrace -DCMAKE_BUILD_TYPE=Debug
cmake --build build
/path/to/qemu-system-arm -machine mps2-an505 -nographic -kernel build/kernel.elf -s -S -d int
# Open a separate terminal and cd into mpu_experiments
gdb build/kernel.elf -ex 'target remote :1234' -ex 'break base_case' -ex continue -ex backtrace -ex quit
# Note the memory read failures in the backtrace.

Additional information

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information